Tag: authentication

In my last blog post I covered a custom Java servlet running on Tomcat that gives statistics on current active users using a Java application running on the Tomcat server.

You may realize that this servlet, or any Tomcat servlet/application is world-readable, and you may want to protect it with a password.

There are several ways you can password protect it. For example, you could simply create an input form where a password is entered, and only then display the information. Or add an authentication string to the URL, or add custom HTTP headers which the servlet reads.

This blog post covers the simple old school HTTP authentication, where the browser pops up a username/password dialog box to the user.

As you can see, the servlet code first looks for an “Authorization” HTTP header, if not present it sends a standard response code, which causes the browser to prompt the user. The username/password are then transmitted to the servlet, which supports the standard BASIC authentication, with the username/password base64 encoded. The servlet then matches the username/password to a HashMap of configured users we’ve defined in the init() method.

Last two blog posts I explored how to get the number of active sessions either directly through Tomcat (https://adeelscorner.wordpress.com/2016/03/13/getting-the-number-of-active-sessions-in-tomcat/), or through the application (particularly in Vaadin, https://adeelscorner.wordpress.com/2016/03/20/getting-the-number-of-active-sessions-in-vaadin/).

This blog post will explore putting both together and getting the session data through a servlet mapped to a URL. This way an admin can get the stats for a particular server right through a browser.

So as you can see, the Tomcat session stats are queried, and displayed. And then the ApplicationLevelTracker is used to loop through a HashMap of users logged in and their idle/active as-of timestamp is displayed. This information can be useful to a system administrator in many ways, such as when determining if a server is in use and should not be taken offline. And it can be accessed through a browser by visiting: http://hostname/SessionStats

So I’ve been working on a personal project using the MEAN stack (MongoDB, ExpressJS, AngularJS and NodeJS)! The nerd in me has been pretty excited to learn something completely new and different. I’ve never done full-stack development strictly in JavaScript, and so far I’m finding it to be pretty neat. I’ll be making posts about things I struggle with, or find useful, as I progress.

Anyway, I used the DaftMonk AngularJS full-stack yeoman generator (https://github.com/DaftMonk/generator-angular-fullstack) for my project seed. I definitely recommend it if you’re starting out fresh with MEAN (or even if you’re not), since it speeds up the initial setup and development immensely.

My problem arose as I was wiring up some post-processing to be done after a user logged in. In the login controller (login.controller.js), after the login function is called from the Auth service, there is a function in “.then()” that is called upon success.

However, even though the user has logged in, the user data is not available yet! So, you cannot access the current user’s data properties (such as their role) through Auth.getCurrentUser() (for example the Auth.getCurrentUser().role field will be undefined). This is due to the fact that the data is loaded asynchronously (I’m still trying to get the hang of how that works).

The way around this is to use the Auth.isLoggedInAsync(…callback…) function. The callback sent to isLoggedInAsync is called after the user has finally been loaded, which will guarantee your post-login-processing code being executed after the data for the user is available.